39 exprt::operandst::const_iterator it1=arguments.begin();
42 for(
const auto &identifier : goto_function.parameter_identifiers)
45 !identifier.empty(),
"function parameter must have an identifier");
52 const typet ¶meter_type = symbol.
type;
57 if(it1==arguments.end())
64 "not enough arguments, inserting non-deterministic value"
68 parameter_type, state.
source.
pc->source_location());
80 if(parameter_type != rhs.
type())
88 (parameter_type.
id() == ID_signedbv ||
89 parameter_type.
id() == ID_unsignedbv ||
90 parameter_type.
id() == ID_c_enum_tag ||
91 parameter_type.
id() == ID_bool ||
92 parameter_type.
id() == ID_pointer ||
93 parameter_type.
id() == ID_union ||
94 parameter_type.
id() == ID_union_tag) &&
95 (rhs_type.
id() == ID_signedbv ||
96 rhs_type.
id() == ID_unsignedbv ||
97 rhs_type.
id() == ID_c_bit_field ||
98 rhs_type.
id() == ID_c_enum_tag ||
99 rhs_type.
id() == ID_bool ||
100 rhs_type.
id() == ID_pointer ||
101 rhs_type.
id() == ID_union ||
102 rhs_type.
id() == ID_union_tag))
110 std::ostringstream error;
111 error << state.
source.
pc->source_location().as_string() <<
": "
112 <<
"function call: parameter \"" << identifier
113 <<
"\" type mismatch:\ngot " << rhs.
type().
pretty()
114 <<
"\nexpected " << parameter_type.
pretty();
130 rhs =
clean_expr(std::move(rhs), state,
false);
138 if(it1!=arguments.end())
145 for(; it1 != arguments.end(); it1++)
152 ns.
lookup(function_identifier).mode,
161 else if(it1!=arguments.end())
205 for(
auto &argument : arguments)
206 cleaned_arguments.push_back(
clean_expr(argument, state,
false));
233 const exprt &cleaned_lhs,
237 const irep_idt &identifier =
function.get_identifier();
244 auto emplace_safe_pointers_result =
246 if(emplace_safe_pointers_result.second)
247 emplace_safe_pointers_result.first->second(goto_function.body);
262 "recursion unwinding assertion",
276 const std::vector<renamedt<exprt, L2>> renamed_arguments =
289 if(!goto_function.body_available())
300 cleaned_lhs.
type(), state.
source.
pc->source_location());
308 for(
const auto &arg : cleaned_arguments)
311 arg.type().id() == ID_pointer &&
341 locality(identifier, state, goto_function);
354 irep_idt return_value_symbol_identifier =
355 "goto_symex::return_value::" +
id2string(identifier);
363 new_symbol.
name = return_value_symbol_identifier;
365 new_symbol.
mode = function_symbol.
mode;
370 ns.
lookup(return_value_symbol_identifier).symbol_expr();
376 if(pair.second.is_recursion)
392 bool doing_path_exploration)
417 if(state.
threads.size() == 1 && !doing_path_exploration)
427 l2_entry_opt.has_value() &&
429 !path_storage.
dirty(l2_entry_opt->get().first.get_object_name())))
458 if(state.
reachable && call_lhs.is_not_nil())
462 "must have return value symbol when assigning call lhs");
471 const irep_idt &function_identifier,
479 for(
const auto ¶m : goto_function.parameter_identifiers)
483 [
this, &frame_nr](
const irep_idt &l0_name) {
484 return path_storage.get_unique_l1_index(l0_name, frame_nr);
byte_extract_exprt make_byte_extract(const exprt &_op, const exprt &_offset, const typet &_type)
Construct a byte_extract_exprt with endianness and byte width matching the current configuration.
Expression classes for byte-level operators.
static exprt guard(const exprt::operandst &guards, exprt cond)
bitvector_typet c_index_type()
Internally generated symbol table entryThis is a symbol generated as part of translation to or modifi...
framet & new_frame(symex_targett::sourcet calling_location, const guardt &guard)
const framet & previous_frame()
const typet & return_type() const
bool has_ellipsis() const
Operator to dereference a pointer.
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Expression in which some part is missing and can be substituted for another expression.
Base class for all expressions.
std::vector< exprt > operandst
typet & type()
Return the type of the expression.
The Boolean constant false.
Stack frames – these are used for function calls and for exceptions.
guardt guard_at_function_start
std::optional< symbol_exprt > return_value_symbol
symex_targett::sourcet calling_location
std::unordered_map< irep_idt, loop_infot > loop_iterations
std::vector< irep_idt > parameter_names
goto_programt::const_targett end_of_function
std::set< irep_idt > local_objects
irep_idt function_identifier
std::shared_ptr< lexical_loopst > loops_info
::goto_functiont goto_functiont
This class represents an instruction in the GOTO intermediate representation.
const exprt & call_lhs() const
Get the lhs of a FUNCTION_CALL (may be nil)
const exprt & call_function() const
Get the function that is called for FUNCTION_CALL.
const exprt::operandst & call_arguments() const
Get the arguments of a FUNCTION_CALL.
bool reachable
Is this code reachable? If not we can take shortcuts such as not entering function calls,...
const symex_level2t & get_level2() const
Central data structure: state.
ssa_exprt add_object(const symbol_exprt &expr, std::function< std::size_t(const irep_idt &)> index_generator, const namespacet &ns)
Instantiate the object expr.
call_stackt & call_stack()
guard_managert & guard_manager
renamedt< exprt, level > rename(exprt expr, const namespacet &ns)
Rewrites symbol expressions in exprt, applying a suffix to each symbol reflecting its most recent ver...
symbol_tablet symbol_table
contains symbols that are minted during symbolic execution, such as dynamically created objects etc.
symex_targett::sourcet source
std::vector< threadt > threads
void drop_existing_l1_name(const irep_idt &l1_identifier)
Drops an L1 name from the local L2 map.
virtual void symex_function_call_symbol(const get_goto_functiont &get_goto_function, statet &state, const exprt &lhs, const symbol_exprt &function, const exprt::operandst &arguments)
Symbolic execution of a call to a function call.
virtual void no_body(const irep_idt &identifier)
Log a warning that a function has no body.
static get_goto_functiont get_goto_function(abstract_goto_modelt &goto_model)
Return a function to get/load a goto function from the given goto model Create a default delegate to ...
path_storaget & path_storage
Symbolic execution paths to be resumed later.
void havoc_rec(statet &state, const guardt &guard, const exprt &dest)
symex_target_equationt & target
The equation that this execution is building up.
virtual bool get_unwind_recursion(const irep_idt &identifier, unsigned thread_nr, unsigned unwind)
exprt clean_expr(exprt expr, statet &state, bool write)
Clean up an expression.
shadow_memoryt shadow_memory
Shadow memory instrumentation API.
void parameter_assignments(const irep_idt &function_identifier, const goto_functionst::goto_functiont &goto_function, statet &state, const exprt::operandst &arguments)
Iterates over arguments and assigns them to the parameters, which are symbols whose name and type are...
namespacet ns
Initialized just before symbolic execution begins, to point to both outer_symbol_table and the symbol...
virtual void vcc(const exprt &cond, const irep_idt &property_id, const std::string &msg, statet &state)
Symbolically execute a verification condition (assertion).
virtual void symex_end_of_function(statet &)
Symbolically execute a END_FUNCTION instruction.
void symex_assign(statet &state, const exprt &lhs, const exprt &rhs)
Symbolically execute an ASSIGN instruction or simulate such an execution for a synthetic assignment.
std::function< const goto_functionst::goto_functiont &(const irep_idt &)> get_goto_functiont
The type of delegate functions that retrieve a goto_functiont for a particular function identifier.
virtual void symex_function_call_post_clean(const get_goto_functiont &get_goto_function, statet &state, const exprt &cleaned_lhs, const symbol_exprt &function, const exprt::operandst &cleaned_arguments)
Symbolic execution of a function call by inlining.
messaget log
The messaget to write log messages to.
const symex_configt symex_config
The configuration to use for this symbolic execution.
void symex_assume_l2(statet &, const exprt &cond)
virtual void locality(const irep_idt &function_identifier, goto_symext::statet &state, const goto_functionst::goto_functiont &goto_function)
Preserves locality of parameters of a given function by applying L1 renaming to them.
virtual void symex_function_call(const get_goto_functiont &get_goto_function, statet &state, const goto_programt::instructiont &instruction)
Symbolically execute a FUNCTION_CALL instruction.
void populate_dirty_for_function(const irep_idt &id, const goto_functionst::goto_functiont &function)
Analyse the given function with dirtyt if it hasn't been seen before.
bool get_bool(const irep_idt &name) const
std::string pretty(unsigned indent=0, unsigned max_indent=0) const
const irep_idt & id() const
A very simple, cheap analysis to determine when dereference operations are trivially guarded by a che...
mstreamt & warning() const
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Storage for symbolic execution paths to be resumed later.
incremental_dirtyt dirty
Local variables are considered 'dirty' if they've had an address taken and therefore may be referred ...
std::shared_ptr< lexical_loopst > get_loop_analysis(const irep_idt &function_id)
std::unordered_map< irep_idt, local_safe_pointerst > safe_pointers
Map function identifiers to local_safe_pointerst instances.
void add_function_loops(const irep_idt &identifier, const goto_programt &body)
Generates a loop analysis for the instructions in goto_programt and keys it against function ID.
const typet & base_type() const
The type of the data what we point to.
void symex_get_field(goto_symex_statet &state, const exprt &lhs, const exprt::operandst &arguments)
Symbolically executes a __CPROVER_get_field call.
void symex_field_local_init(goto_symex_statet &state, const ssa_exprt &expr)
Initialize local-scope shadow memory for local variables and parameters.
void symex_set_field(goto_symex_statet &state, const exprt::operandst &arguments)
Symbolically executes a __CPROVER_set_field call.
std::optional< std::reference_wrapper< const mapped_type > > find(const key_type &k) const
Find element.
A side_effect_exprt that returns a non-deterministically chosen value.
Expression providing an SSA-renamed symbol of expressions.
Expression to hold a symbol (variable)
const irep_idt & get_identifier() const
bool has_symbol(const irep_idt &name) const
Check whether a symbol exists in the symbol table.
bool add(const symbolt &symbol)
Add a new symbol to the symbol table.
irep_idt base_name
Base (non-scoped) name.
class symbol_exprt symbol_expr() const
Produces a symbol_exprt for a symbol.
typet type
Type of symbol.
irep_idt name
The unique identifier.
irep_idt mode
Language mode.
Functor for symex assignment.
virtual void function_return(const exprt &guard, const irep_idt &function_id, const sourcet &source, bool hidden)
Record return from a function.
virtual void location(const exprt &guard, const sourcet &source)
Record a location.
virtual void function_call(const exprt &guard, const irep_idt &function_id, const std::vector< renamedt< exprt, L2 >> &ssa_function_arguments, const sourcet &source, bool hidden)
Record a function call.
@ VISIBLE_ACTUAL_PARAMETER
@ HIDDEN_ACTUAL_PARAMETER
The Boolean constant true.
static exprt conditional_cast(const exprt &expr, const typet &type)
The type of an expression, extends irept.
Thrown when we encounter an instruction, parameters to an instruction etc.
symbolt & get_fresh_aux_symbol(const typet &type, const std::string &name_prefix, const std::string &basename_prefix, const source_locationt &source_location, const irep_idt &symbol_mode, const namespacet &ns, symbol_table_baset &symbol_table)
Installs a fresh-named symbol with respect to the given namespace ns with the requested name pattern ...
Fresh auxiliary symbol creation.
void symex_transition(goto_symext::statet &state)
Transition to the next instruction, which increments the internal program counter and initializes the...
const std::string & id2string(const irep_idt &d)
Storage of symbolic execution paths to resume.
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Ranges: pair of begin and end iterators, which can be initialized from containers,...
ranget< iteratort > make_range(iteratort begin, iteratort end)
symbol_exprt return_value_symbol(const irep_idt &identifier, const namespacet &ns)
produces the symbol that is used to store the return value of the function with the given identifier
#define SHADOW_MEMORY_SET_FIELD
#define SHADOW_MEMORY_GET_FIELD
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
#define PRECONDITION(CONDITION)
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
const code_typet & to_code_type(const typet &type)
Cast a typet to a code_typet.
bool complexity_limits_active
Whether this run of symex is under complexity limits.
bool unwinding_assertions
bool havoc_undefined_functions
bool doing_path_exploration
void restore_from(const symex_level1t &other)
Insert the content of other into this renaming.
symex_renaming_levelt current_names
goto_programt::const_targett pc
Symbolic Execution of assignments.
static void pop_frame(goto_symext::statet &state, const path_storaget &path_storage, bool doing_path_exploration)
pop one call frame
1.9.1